Category Archives: Dynamics CRM

PrincipalObjectAccess and double mailboxes

Leave a reply

PrincipalObjectAccess table – The stuff that nightmares are made of 🙂

Ok So first of all if you don’t know what PrincipalObjectAccess is (POA from now on), Go ahead and write it down in your favorite search engine, do some reading in the endless blog posts and articles available out there – and then get back here, as I’m going to assume that you already know what it is and how it works.

Think of the following scenario – You have 10 users in your Organization but want to use only 1 mailbox, and you want all the users to use the same email address and see the same emails in the system. Yes you should definitely use a Queue for this, but maybe you don’t feel like using a queue or just don’t know exactly how it works and how to set it up – and hey, the system does not prevent you from setting the same email address for multiple users, right…?

So can you do it this way? Probably yes
Will it actually work? Likely it will
Is it a good idea? Nope

Here’s what will happen
** Obviously this is for demonstration only DO NOT DO THIS IN YOUR ENVIRONMENT **

Step 1: Assign 10 users the same email address. (I used a yahoo.com email for testing – feel free to spam my email address :))

Step 2: Create your server-side-sync profile and assign to the users, then activate, approve, test & enable all the mailboxes – Basically do all the steps you need to do for a mailbox to start working.

Step 3: Change all the user’s settings to automatically track all emails in the mailbox (the scenario would also work for emails in reply to CRM emails).

Step 4: Send an email to the newly crated mailbox and wait a few minutes.

Step 5: Check your POA table by running a query on your DB:

SELECT TOP 100 * FROM PrincipalObjectAccess
ORDER BY ChangedOn DESC

Results:
The email that entered the system receives a POA share record for every user that owns the email address. Not so great!

This is a small example of what will happen. I found it at a customer with more then 400 users that were assigned the same mailbox and something in between a few hundreds to thousand email threads – every day!
Needless to say that in this scenario their POA table grew at a rate of about 500,000 records per day.

This could definitely be causing additional side effects but I didn’t bother to check any further 🙂

The fact that the system allows you to do things in a certain way does not always mean it’s a good practice, and if there is a mechanism built in the system to address a specific scenario – you should probably use it as there is a reason behind it.

If this post prevents from even one person setting up a system in this way – I’ve done my job 🙂

Happy POA’ing

Michael

Improving Server Side Sync performance

Leave a reply

The following blog was created after helping a customer of mine to drastically improve their server-side-sync performance by modifying the polling intervals of the mailboxes. let’s go 🙂

Understanding the mechanism

Server side sync polls mailboxes for Emails and ACT’s (Accounts, Contacts, Tasks) in sync cycles. In each sync cycle a mailbox will be inspected for new items and according to your settings for that specific mailbox it will sync these items to Dynamics.

This mechanism has an internal prioritization logic that increases and decreases the time between each polling for each mailbox according to activity that is observed on that specific mailbox. This behavior is described briefly in the SSS whitepapers and I will expand on this in this post.

A busy mailbox that has constant activity on it should be polled for items (emails) approx. every 5 minutes. But when there is no activity on the mailbox for several consecutive cycles – The mechanism will kick in and start increasing the time between each poll. At this point the mailbox enters a state of an IdleMailbox – and for these mailboxes type the sync cycle can increase to up to 6 Hours. That’s right, 6 hours. This same behavior is also relevant for ACT’s and has a separate setting with separate intervals.

This means that you can end up in a scenario in which a mailbox becomes Idle at 7:00 AM because there were no emails flowing in, and from that point the mailbox will be polled again only at 13:00 (1:00 PM) 6 hours later in the worst case scenario.

This mechanism is in place for a reason – to decrease the utilization on the email integration servers and unnecessary calls to EWS. Without it a customer that has for example 5,000 configured mailboxes but only few of them actually active – would end up with massive utilization of the servers and huge amount of calls to EWS. ((5000 x 12 email polls per hour) + (5000 x 5 ACT polls per hour)) = 85,000 polls per hour.

Luckily – we can control these settings, and it helped me solve an issue for a customer that actually needed to poll ~1000 mailboxes at a very high and consistent rate, without any delays or surprises. As explained above changing the setting caused the Async servers to soar in terms of resource consumption, so this is something you need to take into account and make sure your infrastructure can handle the change.

Explaining the parameters

The actual polling settings are stored in the DeploymentProperties table in the MSCRM_CONFIG database and are represented in seconds.

Although the Minimum values for Emails and ACT’s are 1 minute & 5 minutes – In reality Iv’e always seen that the MaximumBackoff values for polls are being used for the Active mailboxes.
Default Values

Changing the setting

You can use PowerShell on your Dynamics servers to adjust the settings. In this example we will change the IdleMailboxMaximumBackoff time from 21600 (6 Hours) seconds to 1800 seconds (30 minutes)

Add-PSSnapin Microsoft.Crm.PowerShell
Get-CrmSetting -SettingType ServerSideSyncEmailSettings
$set = Get-CrmSetting -SettingType ServerSideSyncEmailSettings
$set.IdleMailboxMaximumBackoff = “1800”
Set-CrmSetting -Setting $set
Get-CrmSetting -SettingType ServerSideSyncEmailSettings

Result after change
* not that the column name is ECidlemailboxMaximumBackoff

You could also change those settings on the DB but for safety and supportability reasons it would be a better to do it VIA PowerShell.

MailboxstatisticsBase

The MailboxStatisticsBase table is an excellent source of insights regarding the internal works of the polling mechanism. Download and run This query to see all the polls that were done on all the mailboxes and how many items were processed in each poll.  You can also filter it by a time interval to show you all the times in which a single sync cycle on any mailbox took more then X minutes – This is very useful when you need to troubleshoot sync issues. Just read the comments in the SQL query.

Additional Notes

If your MailboxStatisticsBase table is empty and not populating then it’s probably disabled for data collection – You can enable it with the OrgDBSettings tool by setting the MailboxStatisticsPersistenceTimeInDays to the number of days you want to save data for (Lot’s of data!) 0 means no data is collected.

Needless to mention – Those changes are only applicable for Dynamics on-premises deployments. And as mentioned above – If you make changes be sure you are ready for the extra resource consumption on the servers.

It’s been a long post! hope you find this useful 🙂

Michael

Back to business…

Leave a reply

It’s been a while,

2.5 years to be precise since I wrote my last post here, and quite a few things have changed. First of all I started to work for Microsoft – a big accomplishment and a personal goal that I was very happy and proud to achieve. I’m a Dynamics 365 Premier field engineer and am enjoying my work very much – So an update to my “About” section is also coming. And Of course many changes to the product, the movement to Dynamics 365 online with it’s Azure & Office 365 ecosystem, New versions and features for on-premise versions, The relatively new V9 and Unified interface, App for Outlook for both online and on-premises deployments and much much more – In other words, lot’s of stuff to write about 🙂

So as the headline above implies, I’m going to start writing again and already have some great ideas in mind that will hopefully help you out with your Dynamics 365 ventures, whether it’s online or on-premise

Watch this space & see you soon!

Michael

Dynamics CRM 2016 Step-By-Step installation guide

3 Replies

Hi everyone!

To be honest – The installation process & requirements of Dynamics CRM 2016 is practically identical to 2015 – But most people that are new to Dynamics don’t know that.

So here is a new video tutorial for Dynamics CRM 2016 installation

Dynamics CRM 2015 Unattended Installation using Command Line and XML file

Leave a reply

In this new tutorial I will show you how to perform a silent installation for Dynamics CRM 2015. You can use this procedure to quickly deploy Test/Dev and also production enviroments using a pre-configured XML template.Installing CRM with an XML file provides you some features you don’t have in the regular GUI installation such as chosing the names for the Security Groups used by Dynamics CRM.

Example XML Files (Change the doc extension to xml):

With Pre-Configured OU Groups:
https://microsoftdynamicsessentials.files.wordpress.com/2015/04/crmsilentinstallwithpreconfiguredgroups.doc

Without Pre-Configured OU Groups:
https://microsoftdynamicsessentials.files.wordpress.com/2015/04/crmsilentinstall1.doc

Microsoft Dynamics CRM 2015 Update 0.1 Released

Leave a reply

Update 0.1 for Microsoft Dynamics CRM 2015 is finally out and you can download it here:

https://www.microsoft.com/en-us/download/details.aspx?id=46552

As you probably noticed Microsoft changed their naming convention and it will no longer be called “Rollup”. The 0.1 update contains many fixes and performance enhancements.

“The target principal name is incorrect. Cannot generate SSPI context” error message during Dynamics CRM Setup

1 Reply

During Dynamics CRM 2015/2013 setup you might encounter this error in the final system checks process:

11

This is caused due to improper SPN’s (Service Principal Name) configuration for the SQL server. To resolve this follow these steps:
1. Connect to your SQL server and go to services (Start -> services.msc) from there locate your SQL service and check the Log on account

22

2. Open CMD with Run As Administrator and run the following commands one by one (you need to use a high privileged domain account):

setspn –A MSSQLSvc/<SQL Server computer name>:1433 <Domain\Account>
setspn -A MSSQLSvc/<SQL Server FQDN>:1433 <Domain\Account>

In my case the syntax would be:

setspn –A MSSQLSvc/CRM-SQL:1433 TZOOKI\sqlsvc
setspn –A MSSQLSvc/CRM-SQL.tzooki.com:1433 TZOOKI\sqlsvc

cmd

Notes:

  • If you are running SQL with NETWORK SERVICES or NT Service\MSSQLSERVER – then you need to register the SPN’s for the machine name (it is less likely to encounter this error in that scenario – but possible) – example:
    setspn –A MSSQLSvc/CRM-SQL:1433 TZOOKI\crm-sql
  •  If you changed the default SQL port from 1433 to something else – then you need to update the commands accordingly

3. In Dynamics CRM setup click back & next – Problem should be solved – You can now continue the installation.

Another approach:

If you have issues with the CMD commands then there is a way to solve this with a simple GUI instead:
1. Connect to your Active Directory server -> open the ADSI Editor and locate your service account (or machine name if you are using NETWORK SERVICES or NT Service\MSSQLSERVER)
2. Right click -> Properties

3

3. In the Attribute Editor locate ServicePrincipalName and click Edit.
4. Add your SPN’s accordingly:

4

5. Click OK & Apply – You installation should now go through without issues

Good Luck with the rest of the installation 🙂

Step-By-Step Dynamics CRM 2015 Installation Guide

9 Replies

Hey everyone!

So I finally decided to create my very first video tutorial – it’s a basic & simple installation guide for Dynamics CRM 2015  on 2 servers and you can watch it on my YouTube channel

I hope you find this helpful & useful!

More stuff coming soon!

Microsoft.Crm.CrmSecurityException: Could not find GUID for server: SERVERNAME$ With SearchFilter:samAccountName

Leave a reply

Hi everyone!

I have stumbled into the following issue during a CRM 2013 setup: You run a regular installation and the setup completes with the following error:

Action Microsoft.Crm.Tools.Admin.ProvisionBusinessAction failed.

Once I closed the error I noticed that CRM was actually installed and all the services were running, but the Organization was in a “failed” status and was inaccessible. When I tried to delete it and recreate it – it fails again with the same error.
After a closer look at the error log I found the following entry:

Microsoft.Crm.CrmSecurityException: Could not find GUID for server: SERVERNAME$ With SearchFilter:samAccountName

So I did some googling and found a few people that encountered this problem with an ADFS deployment – but nothing solved my issue.
Eventually the problem in my case was that ports 3268 & 3269 were blocked (those are the Global Catalog LDAP & Global Catalog LDAP SSL ports) and the solution to this was to open those ports in the Firewall.

If you encounter the same issue you need to check if the required ports are open against your current Domain controller:

1. Open CMD with run as admin and type “echo %LOGONSERVER%” – this will return the DC you are authenticating with.
2. Then type Telnet dcname port# (You need to add the Telnet client feature through the server management console).
For example: telnet DC01 3268

If you receive a message that a connection cannot be made – this means the ports are blocked and need to be opened by your IT staff / Sys admin.

You should run this test for all the required protocols:

Service Name TCP
LDAP 389
LDAP SSL 636
RPC Endpoint Mapper 135
Global Catalog LDAP 3268
Global Catalog LDAP SSL 3269
Kerberos 88

In any case you should always verify that all the required ports are open according to “Connectivity and Firewall Port Requirements for Microsoft Dynamics CRM 2013” document – which you can find here:

http://www.microsoft.com/en-us/download/details.aspx?id=40324

Hope this one was informative & Helpful 🙂

Michael.